Hijacking service workers via DOM Clobbering
https://portswigger.net/research/hijacking-service-workers-via-dom-clobbering
PortSwigger Research
Hijacking service workers via DOM Clobbering
In this post, we'll briefly review how service worker hijacking works, then introduce a variant that can be triggered via DOM clobbering thanks to a quirk in document.getElementById(). Understanding s
Fibratus - A modern tool for Windows kernel exploration and observability with a focus on security
— https://github.com/rabbitstack/fibratus
GitHub
GitHub - rabbitstack/fibratus: Adversary tradecraft detection, protection, and hunting
Adversary tradecraft detection, protection, and hunting - GitHub - rabbitstack/fibratus: Adversary tradecraft detection, protection, and hunting
RE2 Regex Testing in Google Docs
I recently found out about RE2 - a fast regular expression library, but where can I test this? And boom - Google Docs allows testing regex with the REGEXMATCH function.
Memory Safe Languages in Android 13
https://security.googleblog.com/2022/12/memory-safe-languages-in-android-13.html
Google Online Security Blog
Memory Safe Languages in Android 13
Posted by Jeffrey Vander Stoep For more than a decade, memory safety vulnerabilities have consistently represented more than 65% of vulne...
Coercer
A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 9 methods.
https://github.com/p0dalirius/Coercer
GitHub
GitHub - p0dalirius/Coercer: A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through…
A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods. - p0dalirius/Coercer
PhpStorm 2022.3: PHP 8.2, New UI (Beta), Code Vision, Redis Support, Quick-Fixes Preview, and More
https://blog.jetbrains.com/phpstorm/2022/12/phpstorm-2022-3-whats-new/
The JetBrains Blog
PhpStorm 2022.3: PHP 8.2, New UI (Beta), Code Vision, Redis Support, Quick-Fixes Preview, and More | The PhpStorm Blog
PhpStorm 2022.3 is now available! This major update brings a preview of the new UI, complete PHP 8.2 support, Redis support in database tools, Code Vision for PHP, quick-fix preview, Xdebug config
Re-using Ansible artifacts
https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_reuse.html#playbooks-reuse
Turning EDRs to Malicious Wipers Using 0-day Exploits
https://www.blackhat.com/eu-22/briefings/schedule/index.html#aikido-turning-edrs-to-malicious-wipers-using--day-exploits-29336
Blackhat
Black Hat Europe 2022
Text editor plugins for Salt states and YAML/Jinja
https://salt.tips/text-editor-plugins-for-salt-states-and-yaml-jinja/#pycharm
salt.tips
Text editor plugins for Salt states and YAML/Jinja
Salt and YAML/Jinja plugins for Vim, Emacs, Sublime Text, Atom, Visual Studio Code, PyCharm, Kate, MC and Eclipse
Incident response plans in “3 words”
- According to SANS, incident response plans should include preparation, identification, containment, eradication, recovery, and lessons learned.
- Is it like this for everyone? Does anyone have such a plan at all? Apart from the post-mortem, which as a rule doesn't exist either? 🙂
#note
AIDE (Advanced Intrusion Detection Environment)
is a file and directory integrity checker
* https://aide.github.io
#tool #review
OWASP Mutillidae II
OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security enthusiasts.
— https://github.com/webpwnized/mutillidae
#tool
GitHub
GitHub - webpwnized/mutillidae: OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a…
OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, s...